According to a report, a security researcher named Saugat Pokharel discovered a bug on Instagram. The attacker can get your private information by using Facebook’s Business Suite tool, which available to any Facebook business accounts.
The tool will display additional information about the person who sent a direct message to a Facebook business account linked to Instagram and included in the test group. It includes the private email address and birthday particularly. So business users just need to do to get the information is to send a direct message.
Pokharel found that accounts that set to private and not to accept a public direct message where the attack worked on. The user would not receive any notification mentioning that someone viewed their profile if an account did not accept DMs.
A Facebook spokesperson’s statement to The Verge said that the bug was just open for a brief timeframe. This is after they began a trial in October for business accounts, where can reveal personal information of a person they are messaging. However, they said that they quickly resolved this bug, furthermore, they found no evidence of abuse. Therefore, they rewarded Pokharel through their Bug Bounty Program for his help in reporting this issue to them.
And according to Pokharel, Facebook engineers fixed the bug on Instagram within a couple of hours of being advised.
We have to know that most of the attacks are using our personal information. So we must be vigilant about this kind of bug.
Source: The Verge
